In class we talked about cyber-libertarianism and whether individuals
and organizations, acting in whatever capacity they choose, should be at liberty
from regulation by any central government. The Lavabit legal suit is a prime
example of how government intervention and regulation of the Internet is conducted
and how users are affected by this regulation.

In the wake of the Edward Snowden leaks, it seems his only
form of communication with the outside world was through an email service called
Lavabit. Lavabit offered significant
privacy protection for users' email, which included near-impossible-to-break
encryption algorithms, like AES 256 or RSA 4096. The strength of the algorithms
used was of a level that is presumed to be impossible for even intelligence
agencies to crack. Snowden relied on this service and it proved to be critical
to his survival, since he used it for messaging leaked content to the Guardian
newspaper reporter Glenn Greenwald, for travel and hotel reservations, and for
applications for political asylum in other countries. The National Security Agency
tried to cripple his communication by issuing numerous “sealed” national security
letters, which are like subpoenas but independent of legal courts, under the USA
PATRIOT Act. These national security letters were issued to Lavabit and
demanded that it hand over its private SSL key, enabling authorities to access
Edward Snowden’s e-mail.

The only problem was that the owner and designer, Ladar
Levison, had designed the service with only one private SSL key, thus allowing
the NSA to access the emails of some 400,000 other users. Seeing the implication,
Levison responded by shutting down his website, but was issued a gag order that legally
prevented him from explaining to the public why he ended the service. He did, however,
issue a statement: “I have been forced to make a difficult decision: to become
complicit in crimes against the American people or walk away from nearly ten
years of hard work by shutting down Lavabit.” Levison having refused to
hand over the site’s private key, Lavabit was then served with a search warrant
for the SSL private key and a wiretap, which requires a notably higher legal
standard than the previous court order of national security letters. Lead prosecutors
asked the court to hold Levison in contempt of court, while he continued to
resist, arguing that by handing over the key he would be compromising the
security of every Lavabit user. Judge Claude Hilton said that “it
was effectively Levison's fault that sites have only a single private SSL key”.
Levison was ordered to pay a $5,000 fine for each day he did not comply. He eventually
complied and sent the SSL key as 11 pages of 4-point type; however, the
feds complained that it was illegible. On August 8, he formatted Lavabit
entirely, destroying the company’s servers.